Russia-Ukraine War: Cyberattacks Fail to Best PartnershipsAs Stalemate Continues, Tempo of Cyber Operations Reflects Limits of Hack Attacks
One year after Russia initiated its war of outright conquest in Ukraine, the cyberwar many feared Moscow would unleash hasn't come to pass. In fact, while cyber operations have been a component of Russia's war, and cybersecurity a necessity of Ukraine's defense, cyberattacks have not played a decisive role.
Russia has obviously failed to seize control of Ukraine, while taking enormous losses - and causing massive terror, destruction and death - in the process. But Russia's use of, and decision to not use, cyberattacks is an illustration that the usefulness of cyber in actual warfare is limited.
With Russian troops largely deadlocked in eastern Ukraine, cyberattacks offer no magical opportunity for Russia to finally seize the day. At the same time, Ukraine's continuing survival demands it maintain robust cyber defenses, which so far it has continued to do, in part via extensive assistance from Western technology companies.
"Cyber operations are very difficult to integrate into conventional military operations (at least given all the evidence available at this time), yet continue to function as a weapon of terror (along with conventional items such as missiles and artillery) against civilian populations," reports Joe Slowik, the threat intelligence manager at Huntress.
The waning importance of cyberattacks can be traced via the tempo at which Russia launched them to support military objectives. These so-called "cyber fires" peaked in the first week of last year's invasion, says Jon Bateman, a senior fellow in the Technology and International Affairs Program at the Carnegie Endowment for International Peace, who has published an in-depth report on Russia's cyber operations.
Cyber fires contributed "modestly to initial invasion, then quickly faded in relevance," he says. The most notable was Russia's hack of modems that connect to Viasat's KA-SAT satellite communications network, which began Feb. 24, around the time that Russian forces massed on Ukraine's border invaded.
Bateman says that while that hack attack "plausibly helped degrade" Ukraine's command, control, communications, computers, intelligence and interoperability, it didn't stop defenders from rebuffing Russia's attempt to seize Kyiv.
No cyber operation since then "has had comparable known military impact," he says.
Similarly, wiper attacks - a distinctive feature of Russian aggression in cyberspace - skyrocketed during the first four months of 2022 but have since tapered, concluded a report issued last week by Google's Threat Analysis Group, together with Google's Mandiant incident response team.
Russia may have exhausted its stored arsenal of wiper malware and has yet to resupply. Or perhaps wiper malware did not have the impact military planners desired.
Of course, there is uncertainty in any observation of the battlefield while fighting is in progress. A Dutch military intelligence report released this week says many attacks have yet to publicly come to light.
"Before and during the war, Russian intelligence and security services engaged in widespread digital espionage, sabotage and influencing against Ukraine and NATO allies," the Dutch Military Intelligence and Security Service and General Intelligence and Security Service report. "The pace of Russian cyber operations is fast and many of these attempts have not yet become public knowledge."
Cyber and Morale
Cyber weapons' relative lack of sizzle on the battlefield doesn't mean Moscow has stopped deploying them. Instead, their aim may have shifted from military effects to undermining the civilian populace's confidence in Kyiv by sowing terror.
CyberPeace Institute, a Geneva-based nonprofit that tracks the impact of cyberattacks on civilians, says Russian attacks target civilians, in violation of international law. In the past 12 months, CyberPeace Institute says there have been 1,100 reported cyberattacks and operations tied to the conflict - attributed by third parties to 80 different threat actors - including malware, wipers, cyberespionage, distributed denial-of-service attacks, phishing, ransomware, website defacements, hack and leak, information operations and more.
What types of attacks were deployed against organizations in each country?
CyberPeace Institute reports that of all incidents it tracked during last three months of 2022, nearly 90% involved DDoS attacks. Inside Ukraine, the most targeted sector was financial services, against which attacks doubled during the period between July and September.
The Importance of Partnerships
Two unforeseen developments of Ukrainian cyberspace conflict are the extent to which hacktivists have featured and the importance of Western technology giants.
On the hacktivist front, numerous Russia-allied groups continue to launch nuisance attacks at Ukraine and allies. The impact of these efforts appears to be minimal, except for propaganda purposes.
Ukraine has been able to bolster morale by counting on an IT army of international volunteers. Researchers have found that while good for morale, the keyboard warriors' real-world impact has also been minimal (see: Russia-Ukraine War: Role of Hacktivists Vastly Overestimated).
What has had an enormous impact is the extensive Western support enjoyed by Ukraine, not just from intelligence agencies but also technology companies such as Microsoft and Eset, as well as SpaceX's Starlink network of satellite communications service. Western cloud-based infrastructure has helped keep Ukraine's government functioning, and Russia has been unable to disrupt this online infrastructure and defenses - and not for lack of trying (see: CEO Marko on How the Russia-Ukraine War Has Affected Eset).
This is the current state of the Russia-Ukraine war as it enters its second year: While cyberattacks and operations continue, they will not carry Russia to victory. At the same time, cyber defense remains essential.
This mirrors the bigger picture, in that "the war in Ukraine has become a war of attrition with no end in sight," according to the Dutch military report.
For Ukraine to continue to repel Russia's invasion, Western help remains vital.
"The success of the Ukrainian digital defense is not guaranteed," the Dutch military intelligence agencies report. "This success can probably only be sustained as long as Western support remains as intensive and adaptive as the cyber operations of the Russian intelligence services."